Linux Analysis Report
ub8ehJSePAfc9FYqZIT6.arm7.elf

Overview

General Information

Sample name: ub8ehJSePAfc9FYqZIT6.arm7.elf
Analysis ID: 1583850
MD5: 3850a6ed3b8397a787989e782dd8f96d
SHA1: 1b67ffbaecdc01a7a7305cbc19139bf230496506
SHA256: fbf8b8524b49dbcb4369bc7f84cb321a01fbf956c3c4ea7475e7fcb813ba13cf
Tags: elf, user-abuse_ch

Detection

Mirai
Score: 60
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Yara detected Mirai
Sample is packed with UPX
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Sample contains only a LOAD segment without any section mappings
Uses the "uname" system call to query kernel version information (possible evasion)
Yara signature match

Classification

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1583850
Start date and time: 2025-01-03 18:36:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 54s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: ub8ehJSePAfc9FYqZIT6.arm7.elf
Detection: MAL
Classification: mal60.troj.evad.linELF@0/0@0/0
  • VT rate limit hit for: ub8ehJSePAfc9FYqZIT6.arm7.elf
Command: /tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
PID: 5496
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
lzrd cock fest"/proc/"/exe
Standard Error:
  • system is lnxubuntu20
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai
Source, Rule, Description, Author, Strings
5496.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, JoeSecurity_Mirai_8, Yara detected Mirai, Joe Security
5496.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, Linux_Trojan_Gafgyt_28a2fe0c, unknown, unknown
5498.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, JoeSecurity_Mirai_8, Yara detected Mirai, Joe Security
5498.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, Linux_Trojan_Gafgyt_28a2fe0c, unknown, unknown
5507.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, JoeSecurity_Mirai_8, Yara detected Mirai, Joe Security
        No Suricata rule has matched

Source: global traffic, TCP traffic: 192.168.2.13:44072 -> 141.11.33.73:3778
Source: unknown, TCP traffic detected without corresponding DNS query: 141.11.33.73
Source: ub8ehJSePAfc9FYqZIT6.arm7.elf, String found in binary or memory: http://upx.sf.net

        System Summary

Source: 5496.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 5498.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 5507.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 5500.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5496, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5498, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5500, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5507, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: LOAD without section mappings, Program segment: 0x8000
Source: 5496.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5498.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5507.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: 5500.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5496, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5498, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5500, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5507, type: MEMORYSTR, Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: classification engine, Classification label: mal60.troj.evad.linELF@0/0@0/0

        Data Obfuscation

Source: initial sample, String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample, String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $
Source: ub8ehJSePAfc9FYqZIT6.arm7.elf, Submission file: segment LOAD with 7.9751 entropy (max. 8.0)
Source: /tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf (PID: 5496), Queries kernel information via 'uname'
Source: ub8ehJSePAfc9FYqZIT6.arm7.elf, 5496.1.00007ffe06f9c000.00007ffe06fbd000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5498.1.00007ffe06f9c000.00007ffe06fbd000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5500.1.00007ffe06f9c000.00007ffe06fbd000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5507.1.00007ffe06f9c000.00007ffe06fbd000.rw-.sdmp, Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
Source: ub8ehJSePAfc9FYqZIT6.arm7.elf, 5496.1.000055e748972000.000055e748bc1000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5498.1.000055e748972000.000055e748ba0000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5500.1.000055e748972000.000055e748ba0000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5507.1.000055e748972000.000055e748bc1000.rw-.sdmp, Binary or memory string: U!/etc/qemu-binfmt/arm
Source: ub8ehJSePAfc9FYqZIT6.arm7.elf, 5496.1.000055e748972000.000055e748bc1000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5498.1.000055e748972000.000055e748ba0000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5500.1.000055e748972000.000055e748ba0000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5507.1.000055e748972000.000055e748bc1000.rw-.sdmp, Binary or memory string: /etc/qemu-binfmt/arm
Source: ub8ehJSePAfc9FYqZIT6.arm7.elf, 5496.1.00007ffe06f9c000.00007ffe06fbd000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5498.1.00007ffe06f9c000.00007ffe06fbd000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5500.1.00007ffe06f9c000.00007ffe06fbd000.rw-.sdmp, ub8ehJSePAfc9FYqZIT6.arm7.elf, 5507.1.00007ffe06f9c000.00007ffe06fbd000.rw-.sdmp, Binary or memory string: /usr/bin/qemu-arm

        Stealing of Sensitive Information

Source: Yara match, File source: 5496.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 5498.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 5507.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 5500.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5496, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5498, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5500, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5507, type: MEMORYSTR

        Remote Access Functionality

Source: Yara match, File source: 5496.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 5498.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 5507.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 5500.1.00007f6be0017000.00007f6be002f000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5496, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5498, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5500, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: ub8ehJSePAfc9FYqZIT6.arm7.elf PID: 5507, type: MEMORYSTR

        Tactic: Technique
        • Reconnaissance: Gather Victim Identity Information
        • Resource Development: Acquire Infrastructure
        • Initial Access: Valid Accounts
        • Execution: Windows Management Instrumentation
        • Persistence: Path Interception
        • Privilege Escalation: Path Interception
        • Defense Evasion: 11 Obfuscated Files or Information
        • Credential Access: 1 OS Credential Dumping
        • Discovery: 11 Security Software Discovery
        • Lateral Movement: Remote Services
        • Collection: Data from Local System
        • Command and Control: 1 Non-Standard Port
        • Exfiltration: Exfiltration Over Other Network Medium
        • Impact: Abuse Accessibility Features
        No configs have been found
        [Behavior graph, ID 1583850. Sample: ub8ehJSePAfc9FYqZIT6.arm7.elf; start date: 03/01/2025; architecture: LINUX; score: 60. Network node: 141.11.33.73 (ports 3778, 44072, 44074), BELWUEBelWue-KoordinationEU, United Kingdom. Signatures: Malicious sample detected (through community Yara rule); Yara detected Mirai; Sample is packed with UPX. Process tree: ub8ehJSePAfc9FYqZIT6.arm7.elf started three child processes of the same name, one of which started two more.]
        No Antivirus matches
        No contacted domains info
        Name: http://upx.sf.net
        Source: ub8ehJSePAfc9FYqZIT6.arm7.elf
        Malicious: false
        Antivirus Detection:
        Reputation: high
          IP: 141.11.33.73
          Domain: unknown
          Country: United Kingdom
          ASN: 553
          ASN Name: BELWUEBelWue-KoordinationEU
          Malicious: false
          Match: 141.11.33.73
          Associated Sample Name / URL, Detection, Threat Name
          • ub8ehJSePAfc9FYqZIT6.m68k.elf, malicious, Mirai
          • ub8ehJSePAfc9FYqZIT6.x86_64.elf, malicious, Unknown
          • ub8ehJSePAfc9FYqZIT6.arm.elf, malicious, Mirai
          • ub8ehJSePAfc9FYqZIT6.x86.elf, malicious, Unknown
          • boatnet.mpsl.elf, malicious, Mirai
          • boatnet.arm7.elf, malicious, Mirai
          • 141.11.33.73-boatnet.arm-2025-01-03T05_39_17.elf, malicious, Mirai
                        No context
                        Match: BELWUEBelWue-KoordinationEU
                        Associated Sample Name / URL, Detection, Threat Name, Context
                        • ub8ehJSePAfc9FYqZIT6.m68k.elf, malicious, Mirai, 141.11.33.73
                        • ub8ehJSePAfc9FYqZIT6.x86_64.elf, malicious, Unknown, 141.11.33.73
                        • ub8ehJSePAfc9FYqZIT6.arm.elf, malicious, Mirai, 141.11.33.73
                        • ub8ehJSePAfc9FYqZIT6.x86.elf, malicious, Unknown, 141.11.33.73
                        • boatnet.mpsl.elf, malicious, Mirai, 141.11.33.73
                        • boatnet.arm7.elf, malicious, Mirai, 141.11.33.73
                        • 141.11.33.73-boatnet.arm-2025-01-03T05_39_17.elf, malicious, Mirai, 141.11.33.73
                        • Hilix.mips.elf, malicious, Mirai, 134.155.120.154
                        • armv5l.elf, malicious, Unknown, 141.79.218.248
                        • kwari.arm.elf, malicious, Unknown, 134.34.202.108
                        No created / dropped files found
                        File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, no section header
                        Entropy (8bit):7.984844298036467
                        TrID:
                        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                        File name:ub8ehJSePAfc9FYqZIT6.arm7.elf
                        File size:61'840 bytes
                        MD5:3850a6ed3b8397a787989e782dd8f96d
                        SHA1:1b67ffbaecdc01a7a7305cbc19139bf230496506
                        SHA256:fbf8b8524b49dbcb4369bc7f84cb321a01fbf956c3c4ea7475e7fcb813ba13cf
                        SHA512:545b12f6ebfa4fb4b27658c497cf7e3f837935aec0de44b7e0466163994868c5e1df758bcf6e8c937d79b28d11795d6eec536a39c2a7c01c13a2f7efb4e39c8d
                        SSDEEP:1536:Y7XduYshWhq/HIEy6Og3Nwz9hAyxP4fzLSM5Tfv83KJGTb6R4T:qdpssMPR9w4yxP4fzLXTX83K0Tb6Rg
                        TLSH:2F530222880368B5EB63BE77BBF04FC3F50D8B7274A9A47920556158F6F946128313E7
                        File Content Preview:.ELF..............(.....`...4...........4. ...(.....................M...M................6...6...6..................Q.td...............................OUPX!.........n...n......j..........?.E.h;....#..$...o....P.G.o.....X.*.V......f..T.qh...4.8........8.|i

                        ELF header

                        Class:ELF32
                        Data:2's complement, little endian
                        Version:1 (current)
                        Machine:ARM
                        Version Number:0x1
                        Type:EXEC (Executable file)
                        OS/ABI:UNIX - Linux
                        ABI Version:0
                        Entry Point Address:0x11c60
                        Flags:0x4000002
                        ELF Header Size:52
                        Program Header Offset:52
                        Program Header Size:32
                        Number of Program Headers:3
                        Section Header Offset:0
                        Section Header Size:40
                        Number of Section Headers:0
                        Header String Table Index:0
                        Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
                        LOAD       0x0     0x8000           0x8000            0xae4d     0xae4d       7.9751   0x5    R E                0x8000
                        LOAD       0x36c8  0x236c8          0x236c8           0x0        0x0          0.0000   0x6    RW                 0x8000
                        GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4
                        Timestamp, Source Port, Dest Port, Source IP, Dest IP
                        Jan 3, 2025 18:39:07.276796103 CET441263778192.168.2.13141.11.33.73
                        Jan 3, 2025 18:39:07.281589031 CET377844126141.11.33.73192.168.2.13
                        Jan 3, 2025 18:39:07.656452894 CET377844126141.11.33.73192.168.2.13
                        Jan 3, 2025 18:39:07.656570911 CET441263778192.168.2.13141.11.33.73

                        System Behavior

                        Start time (UTC):17:37:14
                        Start date (UTC):03/01/2025
                        Path:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
                        Arguments:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
                        File size:4956856 bytes
                        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                        Start time (UTC):17:37:14
                        Start date (UTC):03/01/2025
                        Path:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
                        Arguments:-
                        File size:4956856 bytes
                        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                        Start time (UTC):17:37:14
                        Start date (UTC):03/01/2025
                        Path:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
                        Arguments:-
                        File size:4956856 bytes
                        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                        Start time (UTC):17:37:14
                        Start date (UTC):03/01/2025
                        Path:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
                        Arguments:-
                        File size:4956856 bytes
                        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                        Start time (UTC):17:37:20
                        Start date (UTC):03/01/2025
                        Path:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
                        Arguments:-
                        File size:4956856 bytes
                        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                        Start time (UTC):17:37:20
                        Start date (UTC):03/01/2025
                        Path:/tmp/ub8ehJSePAfc9FYqZIT6.arm7.elf
                        Arguments:-
                        File size:4956856 bytes
                        MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1